/*
 * xdr.c
 * -----
 * Serialization/deserialization routines, using XDR (RFC 4506) encoding.
 * These functions are not part of the public libhal API.
 *
 * Copyright (c) 2016-2018, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdint.h>
#include <string.h>             /* memcpy, memset */

#include "hal.h"
#include "hal_internal.h"	/* htonl/ntohl */
#include "xdr_internal.h"

/* encode/decode_int. This covers int, unsigned int, enum, and bool types,
 * which are all encoded as 32-bit big-endian fields. Signed integers are
 * defined to use two's complement, but that's universal these days, yes?
 */

hal_error_t hal_xdr_encode_int(uint8_t ** const outbuf, const uint8_t * const limit, const uint32_t value)
{
    /* arg checks */
    hal_assert(outbuf != NULL && *outbuf != NULL && limit != NULL && limit >= *outbuf);

    /* buffer overflow check */
    if ((size_t)(limit - *outbuf) < sizeof(value))
        return HAL_ERROR_XDR_BUFFER_OVERFLOW;

    **(uint32_t **)outbuf = htonl(value);
    *outbuf += sizeof(value);
    return HAL_OK;
}

/* decode an integer value without advancing the input pointer */
hal_error_t hal_xdr_decode_int_peek(const uint8_t ** const inbuf, const uint8_t * const limit, uint32_t *value)
{
    /* arg checks */
    hal_assert(inbuf != NULL && *inbuf != NULL && limit != NULL && limit >= *inbuf && value != NULL);

    /* buffer overflow check */
    if ((size_t)(limit - *inbuf) < sizeof(*value))
        return HAL_ERROR_XDR_BUFFER_OVERFLOW;

    *value = ntohl(**(uint32_t **)inbuf);
    return HAL_OK;
}

/* decode an integer value the regular way */
hal_error_t hal_xdr_decode_int(const uint8_t ** const inbuf, const uint8_t * const limit, uint32_t *value)
{
    hal_error_t err;

    if ((err = hal_xdr_decode_int_peek(inbuf, limit, value)) == HAL_OK)
        *inbuf += sizeof(*value);

    return err;
}

/* encode/decode_fixed_opaque. This covers fixed-length string and opaque types.
 * The data is padded to a multiple of 4 bytes as necessary.
 */

hal_error_t hal_xdr_encode_fixed_opaque(uint8_t ** const outbuf, const uint8_t * const limit, const uint8_t * const value, const size_t len)
{
    /* arg checks */
    hal_assert(outbuf != NULL && *outbuf != NULL && limit != NULL && limit >= *outbuf && (value != NULL || len == 0));

    /* buffer overflow check */
    /* We need to explicitly check (len > 0xfffffffc) because padding will
     * round it up to 0.
     */
    if ((len > 0xfffffffc) || ((size_t)(limit - *outbuf) < ((len + 3) & ~3)))
        return HAL_ERROR_XDR_BUFFER_OVERFLOW;

    /* write the data */
    memcpy(*outbuf, value, len);
    *outbuf += len;

    /* pad if necessary */
    for (size_t i = len; (i & 3) != 0; ++i)
        *((*outbuf)++) = 0;

    return HAL_OK;
}

hal_error_t hal_xdr_decode_fixed_opaque_ptr(const uint8_t ** const inbuf, const uint8_t * const limit, const uint8_t ** const value, const size_t len)
{
    /* arg checks */
    hal_assert(inbuf != NULL && *inbuf != NULL && limit != NULL && limit >= *inbuf && value != NULL);

    /* buffer overflow check */
    if ((size_t)(limit - *inbuf) < len)
        return HAL_ERROR_XDR_BUFFER_OVERFLOW;

    /* return a pointer to the data */
    *value = *inbuf;

    /* update the buffer pointer, skipping any padding bytes */
    *inbuf += ((len + 3) & ~3);

    return HAL_OK;
}

hal_error_t hal_xdr_decode_fixed_opaque(const uint8_t ** const inbuf, const uint8_t * const limit, uint8_t * const value, const size_t len)
{
    const uint8_t *p;
    hal_error_t err;

    /* get and advance the input data pointer */
    if ((err = hal_xdr_decode_fixed_opaque_ptr(inbuf, limit, &p, len)) == HAL_OK)
        /* read the data */
        memcpy(value, p, len);

    return err;
}

/* encode/decode_variable_opaque. This covers variable-length string and opaque types.
 * The data is preceded by a 4-byte length word (encoded as above), and padded
 * to a multiple of 4 bytes as necessary.
 */

hal_error_t hal_xdr_encode_variable_opaque(uint8_t ** const outbuf, const uint8_t * const limit, const uint8_t * const value, const size_t len)
{
    hal_error_t err;

    /* encode length */
    if ((err = hal_xdr_encode_int(outbuf, limit, (uint32_t)len)) == HAL_OK) {
        /* encode data */
        if ((err = hal_xdr_encode_fixed_opaque(outbuf, limit, value, len)) != HAL_OK)
            /* undo write of length */
            *outbuf -= 4;
    }

    return err;
}

/* This version returns a pointer to the data in the input buffer.
 * It is used in the rpc server.
 */
hal_error_t hal_xdr_decode_variable_opaque_ptr(const uint8_t ** const inbuf, const uint8_t * const limit, const uint8_t ** const value, size_t * const len)
{
    hal_error_t err;
    uint32_t xdr_len;

    /* arg checks */
    hal_assert(len != NULL);

    /* read length */
    if ((err = hal_xdr_decode_int(inbuf, limit, &xdr_len)) == HAL_OK) {
        /* get the data pointer */
        if ((err = hal_xdr_decode_fixed_opaque_ptr(inbuf, limit, value, xdr_len)) == HAL_OK)
            *len = xdr_len;
        else
            /* undo read of length */
            *inbuf -= 4;
    }

    return err;
}

/* This version copies the data to the user-supplied buffer.
 * It is used in the rpc client.
 */
hal_error_t hal_xdr_decode_variable_opaque(const uint8_t ** const inbuf, const uint8_t * const limit, uint8_t * const value, size_t * const len, const size_t len_max)
{
    hal_error_t err;
    size_t xdr_len;
    const uint8_t *p;

    /* arg checks */
    hal_assert(value != NULL && len != NULL && len_max != 0);

    /* read data pointer and length */
    if ((err = hal_xdr_decode_variable_opaque_ptr(inbuf, limit, &p, &xdr_len)) == HAL_OK) {
        /* user buffer overflow check */
        if (len_max < xdr_len)
            return HAL_ERROR_XDR_BUFFER_OVERFLOW;
        /* read the data */
        memcpy(value, p, xdr_len);
        *len = xdr_len;
    }

    return err;
}